Activedumpsnet Logo
A system administrator identifies unusual network traffic from outside the local network. Which of the following
is the BEST method for mitigating the threat?
An administrator believes that a system on VLAN 12 is Address Resolution Protocol (ARP) poisoning clients on the network. The administrator attaches a system to VLAN 12 and uses Wireshark to capture traffic. After
reviewing the capture file, the administrator finds no evidence of ARP poisoning. Which of the following actions should the administrator take next?
An administrator investigating intermittent network communication problems has identified an excessive amount of traffic from an external-facing host to an unknown location on the Internet. Which of the following
BEST describes what is occurring?
Various logs are collected for a data leakage case to make a forensic analysis. Which of the following are
MOST important for log integrity? (Choose two.)
Network infrastructure has been scanned and the identified issues have been remediated. What is the next step in the vulnerability assessment process?
An incident responder discovers that the CEO logged in from their New York City office and then logged in from a location in Beijing an hour later. The incident responder suspects that the CEO’s account has been
compromised. Which of the following anomalies MOST likely contributed to the incident responder’s suspicion?
Which of the following could be useful to an organization that wants to test its incident response procedures without risking any system downtime?
A first responder notices a file with a large amount of clipboard information stored in it. Which part of the MITRE ATT&CK matrix has the responder discovered?
While reviewing some audit logs, an analyst has identified consistent modifications to the sshd_config file for an organization’s server. The analyst would like to investigate and compare contents of the current file with
archived versions of files that are saved weekly. Which of the following tools will be MOST effective during the investigation?
A suspicious script was found on a sensitive research system. Subsequent analysis determined that proprietary data would have been deleted from both the local server and backup media immediately following a specific administrator’s removal from an employee list that is refreshed each evening. Which of the following BEST describes this scenario?
According to company policy, all accounts with administrator privileges should have suffix _ja. While reviewing Windows workstation configurations, a security administrator discovers an account without the suffix in the administrator’s group. Which of the following actions should the security administrator take?
Senior management has stated that antivirus software must be installed on all employee workstations. Which
of the following does this statement BEST describe?
The Key Reinstallation Attack (KRACK) vulnerability is specific to which types of devices? (Choose two.)
After a hacker obtained a shell on a Linux box, the hacker then sends the exfiltrated data via Domain Name System (DNS). This is an example of which type of data exfiltration?
An incident at a government agency has occurred and the following actions were taken:
-Users have regained access to email accounts
-Temporary VPN services have been removed
-Host-based intrusion prevention system (HIPS) and antivirus (AV) signatures have been updated
-Temporary email servers have been decommissioned
Which of the following phases of the incident response process match the actions taken?